ci: bump actions/setup-go from 6.3.0 to 6.4.0

[dependabot]

Bumps actions/setup-go from 6.3.0 to 6.4.0.

Release notes

Sourced from actions/setup-go's releases.

v6.4.0

What's Changed

Enhancement

• Add go-download-base-url input for custom Go distributions by @​gdams in actions/setup-go#721

Dependency update

• Upgrade minimatch from 3.1.2 to 3.1.5 by @​dependabot in actions/setup-go#727

Documentation update

• Rearrange README.md, add advanced-usage.md by @​priyagupta108 in actions/setup-go#724
• Fix Microsoft build of Go link by @​gdams in actions/setup-go#734

New Contributors

• @​gdams made their first contribution in actions/setup-go#721

Full Changelog: actions/setup-go@v6...v6.4.0

Commits

• 4a36011 docs: fix Microsoft build of Go link (#734)
• 8f19afc feat: add go-download-base-url input for custom Go distributions (#721)
• 27fdb26 Bump minimatch from 3.1.2 to 3.1.5 (#727)
• def8c39 Rearrange README.md, add advanced-usage.md (#724)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[greptile-apps]

Greptile Summary

This PR is an automated Dependabot update that bumps actions/setup-go from v6.3.0 to v6.4.0 across all three GitHub Actions workflow files (ci.yml, rc.yml, release.yml).

• Both the pinned commit SHA and the inline version comment are updated consistently across all three workflows.
• The new version (v6.4.0) adds an optional go-download-base-url input for custom Go distributions and upgrades the internal minimatch dependency from 3.1.2 to 3.1.5.
• SHA pinning is correctly maintained, which is a good security practice for third-party actions.
• No functional changes to the workflow logic, Go version, or cache configuration.

Confidence Score: 5/5

• Safe to merge — routine dependency bump with no functional changes.
• All three workflow files are updated consistently with the correct new SHA and version comment. No logic, configuration, or security concerns are introduced. The change is minimal, low-risk, and follows best practices (SHA pinning).
• No files require special attention.

Important Files Changed

Filename	Overview
.github/workflows/ci.yml	Bumps actions/setup-go from v6.3.0 to v6.4.0 with updated pinned SHA — no issues found.
.github/workflows/rc.yml	Bumps actions/setup-go from v6.3.0 to v6.4.0 with updated pinned SHA — no issues found.
.github/workflows/release.yml	Bumps actions/setup-go from v6.3.0 to v6.4.0 with updated pinned SHA — no issues found.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Dependabot Update] --> B[actions/setup-go v6.3.0 → v6.4.0]
    B --> C[ci.yml]
    B --> D[rc.yml]
    B --> E[release.yml]
    C --> F[SHA: 4b73464... → 4a36011...]
    D --> F
    E --> F

Loading

_{Reviews (1): Last reviewed commit: "ci: bump actions/setup-go from 6.3.0 to ..." | Re-trigger Greptile}